diff --git a/debian/NEWS b/debian/NEWS new file mode 100644 index 0000000..96bbfd5 --- /dev/null +++ b/debian/NEWS @@ -0,0 +1,10 @@ +live-build (1:20180411) unstable; urgency=medium + + The live-boot mount points have been moved from /lib/live/mount to + /run/live. Since this is a backward-incompatible change, a compat + recursive bind mount point is being provided in /lib/live/mount so + that existing scripts will not break in Debian 10 (Buster). + Please note that this will be removed in Debian 11 (Bullseye) so + plan accordingly and update any required scripts. + + -- Luca Boccassi Wed, 11 Apr 2018 12:35:19 +0100 diff --git a/debian/changelog b/debian/changelog index b7ed0d1..2ff7d26 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,3 +1,53 @@ +live-build (1:20180411) unstable; urgency=medium + + * ONIE: Check_package in the host, not the chroot + * ONIE: missing dependency on file + * ONIE: add Recommends for programs needed by binary_onie + * Print an error and exit if a host package (dependency) is missing. + * Reconfigure bootstrapped packages after preseeding. + + -- Luca Boccassi Wed, 11 Apr 2018 12:35:19 +0100 + +live-build (1:20180328) unstable; urgency=low + + [ Raphaël Hertzog ] + * Restore i386/amd64 autodetection in grub after rename of + i386 kernel from -486 to -686. Closes: #884585 + Thanks to Adrian Gibanel Lopez for the patch. + * Fix handling of multiple kernels in binary_loopback_cfg. + Closes: #884588 Thanks to Adrian Gibanel Lopez for the patch. + * Rework failsafe entries in grub configuration to be more + consistent with the i386/amd64 autodetection entries. + Closes: #884591 Thanks to Adrian Gibanel Lopez for the patch. + * Add e2fsprogs to Suggests along with mtd-utils, parted. Closes: #887278 + * Fix Check_package invocation in binary_hdd for ntfs-3g + (/sbin/mkfs.nfts -> /sbin/mkfs.ntfs) + * Run mksquashfs with nice -n 19 to not overload the system. + Thanks to Ronny Standtke for the patch. (Closes: #867539) + + [ Luca Boccassi ] + * Fix build with local offline mirrors (Closes: #891206) + + [ Rohan Garg ] + * Simplify bootstrapping of foreign architectures with qemu-debootstrap + (Closes: #847919) + + [ Steven Shiau ] + * Add grub-based UEFI boot support for ARM64 (Closes: #885692) + + [ Luca Boccassi ] + * UEFI: add minimal grub.cfg to fat32 partition (Closes: #892406) + * UEFI: add support for Secure Boot on amd64 and arm64 (Closes: #821084) + * UEFI: use uppercase EFI directory name for Tianocore + * Add NEWS file to warn users about change of live-boot mount paths + * Add options to build ONIE images + * Add Acquire::AllowInsecureRepositories to fix apt-secure in sid + * Use HTTPS in debian/copyright (policy 4.0.0). + * Bump Standards-Version to 4.1.3. 
+ * Add myself to Uploaders. + + -- Luca Boccassi Wed, 28 Mar 2018 20:20:46 +0100 + live-build (1:20171207) unstable; urgency=medium * Use $SOURCE_DATE_EPOCH when updating timestamps of manual pages in order diff --git a/debian/control b/debian/control index bac030d..0044a83 100644 --- a/debian/control +++ b/debian/control @@ -2,15 +2,16 @@ Section: misc Priority: optional Maintainer: Debian Live -Uploaders: Raphaël Hertzog +Uploaders: Raphaël Hertzog , + Luca Boccassi , Build-Depends: debhelper (>= 10), po4a, gettext, -Standards-Version: 4.1.0 +Standards-Version: 4.1.3 Homepage: https://debian-live.alioth.debian.org/live-build/ -Vcs-Browser: https://anonscm.debian.org/cgit/debian-live/live-build.git -Vcs-Git: https://anonscm.debian.org/git/debian-live/live-build.git +Vcs-Browser: https://salsa.debian.org/live-team/live-build +Vcs-Git: https://salsa.debian.org/live-team/live-build.git Package: live-build Architecture: all @@ -19,11 +20,18 @@ ${misc:Depends}, Recommends: apt-utils, + bzip2, cpio, + file, live-boot-doc, live-config-doc, live-manual-html | live-manual, wget, + xz-utils, +Suggests: + e2fsprogs, + parted, + mtd-utils, Description: Live System Build Components The Live Systems project maintains the components to build Debian based Live systems and the official Debian Live images themselves. diff --git a/debian/copyright b/debian/copyright index 0e9eecf..bd5a56f 100644 --- a/debian/copyright +++ b/debian/copyright @@ -1,4 +1,4 @@ -Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: live-build Upstream-Contact: Debian Live Project diff --git a/functions/defaults.sh b/functions/defaults.sh index 78ca358..891ede0 100755 --- a/functions/defaults.sh +++ b/functions/defaults.sh 
@@ -763,12 +763,21 @@ # Setting net tarball LB_NET_TARBALL="${LB_NET_TARBALL:-true}" + # Setting onie + LB_ONIE="${LB_ONIE:-false}" + + # Setting onie additional kernel cmdline options + LB_ONIE_KERNEL_CMDLINE="${LB_ONIE_KERNEL_CMDLINE:-}" + # Setting firmware option LB_FIRMWARE_CHROOT="${LB_FIRMWARE_CHROOT:-true}" LB_FIRMWARE_BINARY="${LB_FIRMWARE_BINARY:-true}" # Setting swap file LB_SWAP_FILE_SIZE="${LB_SWAP_FILE_SIZE:-512}" + + # Setting UEFI Secure Boot + LB_UEFI_SECURE_BOOT="${LB_UEFI_SECURE_BOOT:-auto}" ## config/source diff --git a/functions/packages.sh b/functions/packages.sh index 7c3592d..a119e82 100755 --- a/functions/packages.sh +++ b/functions/packages.sh @@ -18,7 +18,7 @@ if [ "${INSTALL_STATUS}" -ne 0 ] then - if [ "${LB_BUILD_WITH_CHROOT}" != "false" ] + if [ "${LB_BUILD_WITH_CHROOT}" != "false" ] && [ "${CHROOT}" = "chroot" ] then _LB_PACKAGES="${_LB_PACKAGES} ${PACKAGE}" else diff --git a/manpages/en/lb_config.1 b/manpages/en/lb_config.1 index 750a6f2..ac562d2 100644 --- a/manpages/en/lb_config.1 +++ b/manpages/en/lb_config.1 @@ -199,6 +199,10 @@ .br [\fB\-\-net\-tarball\fR true|false] .br + [\fB\-\-onie\fR true|false] +.br + [\fB\-\-onie\-kernel\-cmdline\fR \fI"OPTION1 OPTION2"\fR] +.br [\fB\-\-quiet\fR] .br [\fB\-\-archive\-areas\fR \fIARCHIVE_AREA\fR|\fI"ARCHIVE_AREAS"\fR] @@ -214,6 +218,8 @@ [\fB\-\-tasksel\fR apt|aptitude|tasksel] .br [\fB\-\-templates\fR \fIPATH\fR] +.br + [\fB\-\-uefi\-secure\-boot\fR \fIauto|enable|disable\fR] .br [\fB\-\-hdd\-size \fIMB\fR] .br 
@@ -430,6 +436,10 @@ sets the IP or hostname that will be configured in the bootloader configuration for the copy\-on\-write filesystem of your netboot image and is by default empty. .IP "\fB\-\-net\-tarball\fR true|false" 4 defines if a compressed tarball should be created. Disabling this options leads to no tarball at all, the plain binary directory is considered the output in this case. Default is true. +.IP "\fB\-\-onie\fR true|false" 4 +defines if an ONIE.bin image is generated. ONIE binaries can be loaded by supported systems, and will in turn boot the live image. Note that iso or hybrid-iso are the only formats supported. For more information visit <\fIhttp://onie.org/\fR>. Default is false. +.IP "\fB\-\-onie\-kernel\-cmdline\fR \fI""OPTION1 OPTION2""\fR" 4 +defines additional kernel command line options that the ONIE system will use when booting the image. Default is empty string. .IP "\fB\-\-quiet\fR" 4 reduces the verbosity of messages output by \fBlb build\fR. .IP "\fB\-\-archive\-areas\fR \fIARCHIVE_AREA\fR|""\fIARCHIVE_AREAS\fR""" 4 @@ -454,6 +464,8 @@ selects which program is used to install tasks. By default, this is set to tasksel. .IP "\fB\-\-templates\fR \fIPATH\fR" 4 sets the path to the templates that live\-build is going to use, e.g. for bootloaders. By default, this is set to /usr/share/live/build/templates/. +.IP "\fB\-\-uefi\-secure\-boot\fR \fIauto|enable|disable\fR" 4 +enables or disables Secure Boot support when using grub-efi, by installing signed shim and grub-efi packages. By default, this is set to auto, which means if the packages are available they will be installed, but if not only a warning will be printed and the normal non-signed grub-efi will be used. .IP "\fB\-\-hdd\-size\fR MB" 4 defines what size the hdd image should be. Note that although the default is set to 10000 (= 10GB), it will not need 10GB space on your harddisk as the files are created as sparse files. .IP "\fB\-\-updates\fR true|false" 4 
diff --git a/scripts/build/binary b/scripts/build/binary index 7b0d743..59d835b 100755 --- a/scripts/build/binary +++ b/scripts/build/binary @@ -82,6 +82,7 @@ # Building images lb binary_iso ${@} +lb binary_onie ${@} lb binary_netboot ${@} lb binary_tar ${@} lb binary_hdd ${@} diff --git a/scripts/build/binary_grub-efi b/scripts/build/binary_grub-efi index d24532d..a77a067 100755 --- a/scripts/build/binary_grub-efi +++ b/scripts/build/binary_grub-efi 
@@ -41,15 +41,73 @@ Create_lockfile .lock # Check architecture -Check_architectures amd64 i386 +Check_architectures amd64 i386 arm64 Check_crossarchitectures # Checking depends -Check_package chroot /usr/lib/grub/x86_64-efi/configfile.mod grub-efi-amd64-bin -Check_package chroot /usr/lib/grub/i386-efi/configfile.mod grub-efi-ia32-bin +case "${LB_ARCHITECTURES}" in + amd64|i386) + Check_package chroot /usr/lib/grub/x86_64-efi/configfile.mod grub-efi-amd64-bin + Check_package chroot /usr/lib/grub/i386-efi/configfile.mod grub-efi-ia32-bin + ;; + arm64) + Check_package chroot /usr/lib/grub/arm64-efi/configfile.mod grub-efi-arm64-bin + ;; +esac Check_package chroot /usr/bin/grub-mkimage grub-common Check_package chroot /usr/bin/mcopy mtools Check_package chroot /sbin/mkfs.msdos dosfstools + +# Check UEFI Secure Boot setting and depends +# By default (auto) do a best-effort build: if the signed binaries are available use +# them, but don't fail if they are not, just print a warning. +case "${LB_ARCHITECTURES}" in + amd64|i386) + _SB_EFI_PLATFORM="x86_64" + _SB_EFI_NAME="x64" + _SB_EFI_DEB="amd64" + ;; + arm64) + _SB_EFI_PLATFORM="arm64" + _SB_EFI_NAME="aa64" + _SB_EFI_DEB="arm64" + ;; +esac + +_PRE_SB_PACKAGES="${_LB_PACKAGES}" +_LB_PACKAGES="shim-signed grub-efi-${_SB_EFI_DEB}-signed" +case "${LB_UEFI_SECURE_BOOT}" in + auto) + # Use Check_installed, as Check_package will error out immediately + set +e + Install_package + set -e + Check_installed chroot /usr/lib/grub/${_SB_EFI_PLATFORM}-efi-signed/grub${_SB_EFI_NAME}.efi.signed \ + grub-efi-${_SB_EFI_DEB}-signed + _GRUB_INSTALL_STATUS="${INSTALL_STATUS}" + Check_installed chroot /usr/lib/shim/shim${_SB_EFI_NAME}.efi.signed \ + shim-signed + + if [ "${INSTALL_STATUS}" -ne 0 -o "${_GRUB_INSTALL_STATUS}" -ne 0 ] + then + Echo_warning "UEFI Secure Boot disabled due to missing signed Grub/Shim." + else + Echo_message "UEFI Secure Boot support enabled." 
+ fi + ;; + enable) + Check_package chroot /usr/lib/grub/${_SB_EFI_PLATFORM}-efi-signed/grub${_SB_EFI_NAME}.efi.signed \ + grub-efi-${_SB_EFI_DEB}-signed + Check_package chroot /usr/lib/shim/shim${_SB_EFI_NAME}.efi.signed \ + shim-signed + Install_package + Echo_message "UEFI Secure Boot support enabled." + ;; + disable) + Echo_message "UEFI Secure Boot support disabled." + ;; +esac +_LB_PACKAGES="${_PRE_SB_PACKAGES}" # Setting destination directory case "${LIVE_IMAGE_TYPE}" in @@ -67,7 +125,7 @@ Install_package # Cleanup files that we generate -rm -rf binary/boot/efi.img binary/boot/grub/i386-efi/ binary/boot/grub/x86_64-efi +rm -rf binary/boot/efi.img binary/boot/grub/i386-efi/ binary/boot/grub/x86_64-efi binary/boot/grub/arm64-efi # This is workaround till both efi-image and grub-cpmodules are put into a binary package case "${LB_BUILD_WITH_CHROOT}" in 
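Review bot: The new `case "${LB_UEFI_SECURE_BOOT}" in` block has no `*)` arm, so a mistyped value (the `--uefi-secure-boot` handler in `config` stores whatever string it is given) installs nothing here but still passes the later `!= "disable"` test in gen_efi_boot_img, which will then use signed shim/grub if they happen to be present in the chroot for any other reason. Add `*) Echo_error "invalid --uefi-secure-boot value: ${LB_UEFI_SECURE_BOOT}"; exit 1 ;;` (or the project's equivalent fatal helper) before `esac`. Separately, the i386 arm sets `_SB_EFI_DEB="amd64"`, so an i386 build asks the chroot for grub-efi-amd64-signed, which I would not expect to be installable in an i386 chroot; in `enable` mode that is a hard failure and in `auto` mode it means i386 images silently never get Secure Boot, so a comment stating that i386 is best-effort only would avoid surprises. The enclosing script continues outside the hunk.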
@@ -93,6 +151,40 @@ set -e +gen_efi_boot_img(){ + local platform="\$1" + local efi_name="\$2" + local netboot_prefix="\$3" + local outdir="grub-efi-temp-\${platform}" + "\${LIVE_BUILD_PATH}/efi-image" "${_CHROOT_DIR}/\$outdir" "\$platform" "\$efi_name" "\$netboot_prefix" + mkdir -p ${_CHROOT_DIR}/grub-efi-temp/EFI/boot + mcopy -n -i ${_CHROOT_DIR}/\$outdir/efi.img '::efi/boot/boot*.efi' ${_CHROOT_DIR}/grub-efi-temp/EFI/boot + cp -r "${_CHROOT_DIR}"/\$outdir/* "${_CHROOT_DIR}/grub-efi-temp/" + + # Secure Boot support: + # - create the EFI directory in the ESP with uppercase letters to make + # certain firmwares (eg: TianoCore) happy + # - use shim as the boot.efi that gets loaded first by the firmware + # - drop a grub.cfg (same reason as below) in the cfg directory as configured + # by the signed grub efi binary creation. At the moment that is EFI/debian + # as set by grub2/debian/build-efi-images and cannot be changed without + # rebuilding grub2 + # - the source paths are taken from shim-signed: + # https://packages.debian.org/sid/amd64/shim-signed/filelist + # and grub-efi-amd64-signed, currently in Ubuntu: + # https://packages.ubuntu.com/xenial/amd64/grub-efi-amd64-signed/filelist + # https://packages.ubuntu.com/bionic/arm64/grub-efi-arm64-signed/filelist + if [ -r ${_CHROOT_DIR}/usr/lib/grub/\$platform-signed/grub\$efi_name.efi.signed -a \ + -r ${_CHROOT_DIR}/usr/lib/shim/shim\$efi_name.efi.signed -a \ + "${LB_UEFI_SECURE_BOOT}" != "disable" ]; then + mkdir -p ${_CHROOT_DIR}/grub-efi-temp/EFI/debian + cp ${_CHROOT_DIR}/usr/lib/grub/\$platform-signed/grub\$efi_name.efi.signed \ + ${_CHROOT_DIR}/grub-efi-temp/EFI/boot/grub\$efi_name.efi + cp ${_CHROOT_DIR}/usr/lib/shim/shim\$efi_name.efi.signed \ + ${_CHROOT_DIR}/grub-efi-temp/EFI/boot/boot\$efi_name.efi + fi +} + PRE_EFI_IMAGE_PATH="${PATH}" if [ ! -e "${LIVE_BUILD}" ] ; then LIVE_BUILD_PATH="/usr/lib/live/build" 
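Review bot: The Secure Boot condition in gen_efi_boot_img is a negative test, `"${LB_UEFI_SECURE_BOOT}" != "disable"`, so any value other than the literal `disable` — including a typo — lets shim be installed as `boot$efi_name.efi` whenever the signed files are readable, regardless of what the auto/enable logic earlier in the script decided. Testing positively is safer and also drops the obsolescent `-a` chaining inside `[`: `if [ "${LB_UEFI_SECURE_BOOT}" = "auto" ] || [ "${LB_UEFI_SECURE_BOOT}" = "enable" ]; then if [ -r … signed grub … ] && [ -r … signed shim … ]; then`. A comment next to the two `cp` lines would also help: the unsigned grub that `mcopy` placed in `EFI/boot` a few lines above is overwritten by shim here, and the `grub$efi_name.efi` dropped beside it is presumably what shim chain-loads, so both must come from the same distribution's signed packages. The function sits inside the chroot here-document that starts before this hunk.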
@@ -102,16 +194,33 @@ PATH="${PATH}:\${LIVE_BUILD_PATH}" # Make sure grub-cpmodules is used as if it was installed in the system -"\${LIVE_BUILD_PATH}/efi-image" "${_CHROOT_DIR}/grub-efi-temp-x86_64-efi/" "x86_64-efi" "x64" "debian-live/amd64" -mkdir -p ${_CHROOT_DIR}/grub-efi-temp/efi/boot -mcopy -n -i ${_CHROOT_DIR}/grub-efi-temp-x86_64-efi/efi.img '::efi/boot/boot*.efi' ${_CHROOT_DIR}/grub-efi-temp/efi/boot -cp -r "${_CHROOT_DIR}"/grub-efi-temp-x86_64-efi/* "${_CHROOT_DIR}/grub-efi-temp/" - -"\${LIVE_BUILD_PATH}/efi-image" "${_CHROOT_DIR}/grub-efi-temp-i386-efi/" "i386-efi" "ia32" "debian-live/i386" -PATH="\${PRE_EFI_IMAGE_PATH}" -mkdir -p ${_CHROOT_DIR}/grub-efi-temp/efi/boot -mcopy -n -i ${_CHROOT_DIR}/grub-efi-temp-i386-efi/efi.img '::efi/boot/boot*.efi' ${_CHROOT_DIR}/grub-efi-temp/efi/boot -cp -r "${_CHROOT_DIR}"/grub-efi-temp-i386-efi/* "${_CHROOT_DIR}/grub-efi-temp/" +case "${LB_ARCHITECTURES}" in + amd64|i386) + gen_efi_boot_img "x86_64-efi" "x64" "debian-live/amd64" + gen_efi_boot_img "i386-efi" "ia32" "debian-live/i386" + PATH="\${PRE_EFI_IMAGE_PATH}" + ;; + arm64) + gen_efi_boot_img "arm64-efi" "aa64" "debian-live/arm64" + PATH="\${PRE_EFI_IMAGE_PATH}" + ;; +esac + + +# On some platforms the EFI grub image will be loaded, so grub's root +# variable will be set to the EFI partition. This means that grub will +# look in that partition for a grub.cfg file, and even if it finds it +# it will not be able to find the vmlinuz and initrd. +# Drop a minimal grub.cfg in the EFI partition that sets the root and prefix +# to whatever partition holds the /live/vmlinuz image, and load the grub +# config from that same partition. +# This is what the Ubuntu livecd already does. 
+mkdir -p ${_CHROOT_DIR}/grub-efi-temp-cfg +cat >${_CHROOT_DIR}/grub-efi-temp-cfg/grub.cfg </dev/null -mmd -i "${_CHROOT_DIR}/grub-efi-temp/boot/grub/efi.img" ::efi -mmd -i "${_CHROOT_DIR}/grub-efi-temp/boot/grub/efi.img" ::efi/boot -mcopy -o -i "${_CHROOT_DIR}/grub-efi-temp/boot/grub/efi.img" ${_CHROOT_DIR}/grub-efi-temp/efi/boot/boot*.efi \ - "::efi/boot" +mmd -i "${_CHROOT_DIR}/grub-efi-temp/boot/grub/efi.img" ::EFI +mmd -i "${_CHROOT_DIR}/grub-efi-temp/boot/grub/efi.img" ::EFI/boot +mcopy -o -i "${_CHROOT_DIR}/grub-efi-temp/boot/grub/efi.img" ${_CHROOT_DIR}/grub-efi-temp/EFI/boot/*.efi \ + "::EFI/boot" + +if [ -d ${_CHROOT_DIR}/grub-efi-temp/EFI/debian ]; then + mmd -i "${_CHROOT_DIR}/grub-efi-temp/boot/grub/efi.img" ::EFI/debian + mcopy -o -i "${_CHROOT_DIR}/grub-efi-temp/boot/grub/efi.img" \ + ${_CHROOT_DIR}/grub-efi-temp-cfg/grub.cfg "::EFI/debian" +fi + +mmd -i "${_CHROOT_DIR}/grub-efi-temp/boot/grub/efi.img" ::boot +mmd -i "${_CHROOT_DIR}/grub-efi-temp/boot/grub/efi.img" ::boot/grub +mcopy -o -i "${_CHROOT_DIR}/grub-efi-temp/boot/grub/efi.img" ${_CHROOT_DIR}/grub-efi-temp-cfg/grub.cfg \ + "::boot/grub" END case "${LB_BUILD_WITH_CHROOT}" in @@ -159,11 +291,14 @@ # Remove unnecessary files rm -f chroot/grub-efi-temp/bootnetia32.efi rm -f chroot/grub-efi-temp/bootnetx64.efi +rm -f chroot/grub-efi-temp/bootnetaa64.efi mkdir -p binary cp -r chroot/grub-efi-temp/* binary/ rm -rf chroot/grub-efi-temp-x86_64-efi rm -rf chroot/grub-efi-temp-i386-efi +rm -rf chroot/grub-efi-temp-arm64-efi +rm -rf chroot/grub-efi-temp-cfg rm -rf chroot/grub-efi-temp # We rely on: binary_loopback_cfg to generate grub.cfg and other configuration files diff --git a/scripts/build/binary_hdd b/scripts/build/binary_hdd index c6b842e..a0d4539 100755 --- a/scripts/build/binary_hdd +++ b/scripts/build/binary_hdd @@ -50,7 +50,7 @@ ;; ntfs) - Check_package chroot /sbin/mkfs.nfts ntfs-3g + Check_package chroot /sbin/mkfs.ntfs ntfs-3g ;; esac 
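Review bot: The minimal grub.cfg is written once but copied to two locations in efi.img — `::EFI/debian` (only when that directory exists) and `::boot/grub` — and nothing in the hunk says why both are needed. I'd put a comment above the `mmd … ::EFI/debian` block such as `# The Debian-signed grub has its config directory fixed to /EFI/debian (see the Secure Boot note above), while the image built by efi-image presumably looks in /boot/grub; ship the same stub in both so whichever binary boots finds it.` The body of the here-document that generates grub.cfg is not legible in this rendering, so its search/root logic is unreviewed here. The enclosing chroot here-document starts before this hunk.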
diff --git a/scripts/build/binary_loopback_cfg b/scripts/build/binary_loopback_cfg index 00f537c..f710ed4 100755 --- a/scripts/build/binary_loopback_cfg +++ b/scripts/build/binary_loopback_cfg 
@@ -99,8 +99,8 @@ local LABEL="${1}" local AMD64_KERNEL="${2}" local AMD64_INITRD="${3}" - local _486_KERNEL="${4}" - local _486_INITRD="${5}" + local _686_KERNEL="${4}" + local _686_INITRD="${5}" local APPEND="${6}" cat < +## Copyright (C) 2018 Luca Boccassi +## +## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING. +## This is free software, and you are welcome to redistribute it +## under certain conditions; see COPYING for details. + + +set -e + +# Including common functions +[ -e "${LIVE_BUILD}/scripts/build.sh" ] && . "${LIVE_BUILD}/scripts/build.sh" || . /usr/lib/live/build.sh + +# Setting static variables +DESCRIPTION="$(Echo 'build ONIE binary image')" +HELP="" +USAGE="${PROGRAM} [--force]" + +Arguments "${@}" + +# Reading configuration files +Read_conffiles config/all config/common config/bootstrap config/chroot config/binary config/source +Set_defaults + +if [ "${LB_ONIE}" != "true" ] +then + exit 0 +fi + +case "${LIVE_IMAGE_TYPE}" in + iso) + IMAGE="${LIVE_IMAGE_NAME}-${LB_ARCHITECTURES}.iso" + ;; + iso-hybrid) + IMAGE="${LIVE_IMAGE_NAME}-${LB_ARCHITECTURES}.hybrid.iso" + ;; + *) + exit 0 + ;; +esac + +Echo_message "Begin building onie binary..." 
+ +# Requiring stage file +Require_stagefile .build/config .build/binary_iso + +# Checking stage file +Check_stagefile .build/binary_onie + +# Checking lock file +Check_lockfile .lock + +# Creating lock file +Create_lockfile .lock + +Check_package host /bin/cpio cpio +Check_package host /usr/bin/file file +Check_package host /usr/bin/sha1sum coreutils +Check_package host /bin/zcat gzip +Check_package host /bin/gzip gzip +Check_package host /usr/bin/xzcat xz-utils +Check_package host /usr/bin/xz xz-utils +Check_package host /bin/bzcat bzip2 +Check_package host /bin/bzip2 bzip2 + +### Adds needed helper script +## Based on https://github.com/opencomputeproject/onie/blob/master/contrib/debian-iso/sharch_body.sh +cat > sharch_body.sh << EOF +#!/bin/sh + +# +# Copyright (C) 2015 Curt Brune +# +# SPDX-License-Identifier: GPL-2.0 +# + +# +# Shell archive template +# +# Strings of the form %%VAR%% are replaced during construction. +# + +echo -n "Verifying image checksum ..." +sha1=\$(sed -e '1,/^exit_marker$/d' "\$0" | sha1sum | awk '{ print \$1 }') + +payload_sha1=%%IMAGE_SHA1%% + +if [ "\$sha1" != "\$payload_sha1" ] ; then + echo + echo "ERROR: Unable to verify archive checksum" + echo "Expected: \$payload_sha1" + echo "Found : \$sha1" + exit 1 +fi + +echo " OK." + +tmp_dir= +clean_up() { + if [ "\$(id -u)" = "0" ] ; then + umount \$tmp_dir > /dev/null 2>&1 + fi + rm -rf \$tmp_dir + exit \$1 +} + +# Untar and launch install script in a tmpfs +cur_wd=\$(pwd) +archive_path=\$(realpath "\$0") +tmp_dir=\$(mktemp -d) +if [ "\$(id -u)" = "0" ] ; then + mount -t tmpfs tmpfs-installer \$tmp_dir || clean_up 1 +fi +cd \$tmp_dir +echo -n "Preparing image archive ..." +sed -e '1,/^exit_marker\$/d' \$archive_path | tar xf - || clean_up 1 +echo " OK." 
+cd \$cur_wd + +extract=no +args=":x" +while getopts "\$args" a ; do + case \$a in + x) + extract=yes + ;; + *) + ;; + esac +done + +if [ "\$extract" = "yes" ] ; then + # stop here + echo "Image extracted to: \$tmp_dir" + if [ "\$(id -u)" = "0" ] ; then + echo "To un-mount the tmpfs when finished type: umount \$tmp_dir" + fi + exit 0 +fi + +\$tmp_dir/installer/install.sh "\$@" +rc="\$?" + +clean_up \$rc + +exit_marker +EOF + + +### Based on onie cookbits script... +### https://github.com/opencomputeproject/onie/blob/master/contrib/debian-iso/cook-bits.sh + +CURDIR=`pwd` +OUT=${CURDIR}/output +rm -rf $OUT +mkdir -p $OUT + +WORKDIR=${CURDIR}/work +EXTRACTDIR="$WORKDIR/extract" +INSTALLDIR="$WORKDIR/installer" + +IN_IMAGE="${IMAGE}" + +output_file="${OUT}/${IN_IMAGE}-ONIE.bin" + +echo "Creating $output_file:" + +# prepare workspace +[ -d $EXTRACTDIR ] && chmod +w -R $EXTRACTDIR +rm -rf $WORKDIR +mkdir -p $EXTRACTDIR +mkdir -p $INSTALLDIR + +# Link the iso binary root to the onie extract dir +ln -s ${CURDIR}/binary/* ${EXTRACTDIR} +echo -n "." + +## pack ISO into initrd +# create initrd working dir +INITDIR=${WORKDIR}/initrd-extract +rm -rf ${INITDIR} +mkdir -p ${INITDIR} +cd ${INITDIR} +# extract current initrd +case $(file --brief --mime --dereference $EXTRACTDIR/live/initrd.img | \ + sed "s/application\/\(.*\);.*/\1/") in + gzip) + UNCOMPRESS="zcat" + COMPRESS="gzip" + ;; + x-xz) + UNCOMPRESS="xzcat" + COMPRESS="xz --check=crc32" + ;; + x-bzip2) + UNCOMPRESS="bzcat" + COMPRESS="bzip2" + ;; + x-lzma) + UNCOMPRESS="lzcat --suffix \"\"" + COMPRESS="lzma" + ;; + octet-stream) + UNCOMPRESS="cat" + COMPRESS="cat" + ;; + *) + echo "ERROR: Unable to detect initrd compression format." + exit 1 + ;; +esac + +$UNCOMPRESS $EXTRACTDIR/live/initrd.img | cpio -d -i -m +echo -n "." +# copy inputed iso into initrd +cp "${CURDIR}/${IN_IMAGE}" ./conf/live.iso +echo -n "." +# repack +find . 
| cpio -o -H newc | $COMPRESS > ${WORKDIR}/initrd.img +# cd back into root dir +cd ${CURDIR} +echo -n "." + +KERNEL='vmlinuz' +IN_KERNEL=$EXTRACTDIR/live/$KERNEL +[ -r $IN_KERNEL ] || { + echo "ERROR: Unable to find kernel in ISO: $IN_KERNEL" + exit 1 +} +INITRD='initrd.img' +IN_INITRD=$WORKDIR/$INITRD +[ -r $IN_INITRD ] || { + echo "ERROR: Unable to find initrd in ISO: $IN_INITRD" + exit 1 +} + +# Note: specify kernel args you want the Debian installer to +# automatically append by putting them after the special marker "---". +# Here we want the Deb installer to auto include the serial console +# parameters. +# The minimal required parameters are included by default, and users +# can add more depending on what they need, eg: systemd parameters. +KERNEL_ARGS="--- boot=live nopersistent noeject dhcp fromiso=/conf/live.iso" +KERNEL_ARGS="${KERNEL_ARGS} ${LB_ONIE_KERNEL_CMDLINE}" + +# To debug DI preseed file add these args +# DI_DEBUG_ARGS="DEBCONF_DEBUG=5 dbg/flags=all-x" + +# Debian installer args +DI_ARGS="auto=true priority=critical $DI_DEBUG_ARGS" + +cp -r $IN_KERNEL $IN_INITRD $INSTALLDIR + +# Create custom install.sh script +touch $INSTALLDIR/install.sh +chmod +x $INSTALLDIR/install.sh + +(cat < /dev/null 2&>1 +done + +# bonk out on errors +set -e + +echo "auto-detecting console..." +tty=\$(cat /sys/class/tty/console/active 2>/dev/null | awk 'END {print \$NF}') +speed=\$(stty -F /dev/\$tty speed 2>/dev/null) +bits=\$(stty -F /dev/\$tty -a 2>/dev/null | grep -o cs[5-8]) +bits=\$(echo \$bits | grep -o [5-8]) + +con='' +if [ -n "\$speed" ]; then + con="console=\$tty,\${speed}n\${bits}" +else + con="console=\$tty" +fi + +echo "using \$con" + +kcmd_console=\$(cat /proc/cmdline | grep -o 'console=.* ') +kcmd_console=\$(echo \$kcmd_console | cut -d' ' -f2) # remove tty0 + +if [ \${kcmd_console}x != \${con}x ]; then + echo "WARNING: Detected console does not match boot console: \$kcmd_console != \$con" +fi + +echo "Loading new kernel ..." 
+echo "kexec --load --initrd=$INITRD --append=\"$DI_ARGS $KERNEL_ARGS \$con\" $KERNEL" +kexec --load --initrd=$INITRD --append="$DI_ARGS $KERNEL_ARGS \$con" $KERNEL +kexec --exec + +EOF +) >> $INSTALLDIR/install.sh +echo -n "." + +# Repackage $INSTALLDIR into a self-extracting installer image +sharch="$WORKDIR/sharch.tar" +tar -C $WORKDIR -cf $sharch installer || { + echo "Error: Problems creating $sharch archive" + exit 1 +} + +[ -f "$sharch" ] || { + echo "Error: $sharch not found" + exit 1 +} +echo -n "." + +sha1=$(cat $sharch | sha1sum | awk '{print $1}') +echo -n "." + +cp sharch_body.sh $output_file || { + echo "Error: Problems copying sharch_body.sh" + exit 1 +} + +# Replace variables in the sharch template +sed -i -e "s/%%IMAGE_SHA1%%/$sha1/" $output_file +echo -n "." +cat $sharch >> $output_file +mv $output_file ${CURDIR} +rm -rf $tmp_dir +rm -rf $OUT $WORKDIR +echo " Done." +ls -la $(basename $output_file) +Echo_message "onie-installer created..." + +# Creating stage file +Create_stagefile .build/binary_onie diff --git a/scripts/build/binary_rootfs b/scripts/build/binary_rootfs index 6c797ac..d50cf3b 100755 --- a/scripts/build/binary_rootfs +++ b/scripts/build/binary_rootfs @@ -352,7 +352,7 @@ fi # Create image - Chroot chroot "mksquashfs chroot filesystem.squashfs ${MKSQUASHFS_OPTIONS}" + Chroot chroot "nice -n 19 mksquashfs chroot filesystem.squashfs ${MKSQUASHFS_OPTIONS}" rm -f chroot/chroot/excludes @@ -413,7 +413,7 @@ MKSQUASHFS_OPTIONS="${MKSQUASHFS_OPTIONS} -wildcards -ef config/rootfs/excludes" fi - mksquashfs chroot binary/${INITFS}/filesystem.squashfs ${MKSQUASHFS_OPTIONS} + nice -n 19 mksquashfs chroot binary/${INITFS}/filesystem.squashfs ${MKSQUASHFS_OPTIONS} du -B 1 -s chroot | cut -f1 > binary/${INITFS}/filesystem.size ;; diff --git a/scripts/build/bootstrap_debootstrap b/scripts/build/bootstrap_debootstrap index a89fc42..99f0a22 100755 --- a/scripts/build/bootstrap_debootstrap +++ b/scripts/build/bootstrap_debootstrap 
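Review bot: The `rm -rf $tmp_dir` near the end of binary_onie refers to a variable this script never sets — `tmp_dir` only exists inside the sharch_body.sh template, where it is escaped as `\$tmp_dir` — so today it expands to a harmless `rm -rf` with no operand, but if a `tmp_dir` is ever exported into the build environment it will delete that directory; drop the line. The integrity check the generated installer performs is an embedded SHA-1 of the payload, which detects truncation or corruption but is not authentication: anyone who can alter the `.bin` can recompute it, and since `install.sh` runs as root and kexecs the payload kernel, the image should be signed or its hash published out of band. I'd state that in the template header: `# NOTE: the embedded SHA-1 only guards against corruption; it is not a signature. Verify the .bin out of band before installing.` Also, the fragment `> /dev/null 2&>1` visible in the install.sh template redirects into a file literally named `1` (and passes `2` as an argument) — it should be `> /dev/null 2>&1`. The command around it, and the first lines of this new file, are not legible in this rendering.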
@@ -62,7 +62,6 @@ then # Modify archive areas to remove leading/trailing whitespaces and replace other whitepspace with commas DEBOOTSTRAP_OPTIONS="${DEBOOTSTRAP_OPTIONS} --components=$(echo ${LB_ARCHIVE_AREAS} | sed -e 's| |,|g')" - FOREIGN_DEBOOTSTRAP_OPTIONS="--components=$(echo ${LB_ARCHIVE_AREAS} | sed -e 's| |,|g')" fi if [ "${_VERBOSE}" = "true" ] @@ -108,12 +107,8 @@ DEBOOTSTRAP_OPTIONS="${DEBOOTSTRAP_OPTIONS} --exclude=$(echo ${LB_BOOTSTRAP_QEMU_EXCLUDE} | sed 's| *|,|g')" fi - Echo_message "Bootstrap will be foreign" - debootstrap ${DEBOOTSTRAP_OPTIONS} --foreign "${LB_PARENT_DISTRIBUTION}" chroot "${LB_PARENT_MIRROR_BOOTSTRAP}" ${DEBOOTSTRAP_SCRIPT} - - Echo_message "Running debootstrap second stage under QEMU" - cp ${LB_BOOTSTRAP_QEMU_STATIC} chroot/usr/bin - Chroot chroot /bin/sh /debootstrap/debootstrap --second-stage ${FOREIGN_DEBOOTSTRAP_OPTIONS} + Echo_message "Running debootstrap with qemu-debootstrap" + qemu-debootstrap ${DEBOOTSTRAP_OPTIONS} "${LB_PARENT_DISTRIBUTION}" chroot "${LB_PARENT_MIRROR_BOOTSTRAP}" ${DEBOOTSTRAP_SCRIPT} else debootstrap ${DEBOOTSTRAP_OPTIONS} "${LB_PARENT_DISTRIBUTION}" chroot "${LB_PARENT_MIRROR_BOOTSTRAP}" ${DEBOOTSTRAP_SCRIPT} fi diff --git a/scripts/build/chroot_apt b/scripts/build/chroot_apt index d48da7e..4888ebd 100755 --- a/scripts/build/chroot_apt +++ b/scripts/build/chroot_apt @@ -78,11 +78,13 @@ true) echo "APT::Get::AllowUnauthenticated \"false\";" > chroot/etc/apt/apt.conf.d/00secure echo "Aptitude::CmdLine::Ignore-Trust-Violations \"false\";" >> chroot/etc/apt/apt.conf.d/00secure + echo "Acquire::AllowInsecureRepositories \"false\";" >> chroot/etc/apt/apt.conf.d/00secure ;; false) echo "APT::Get::AllowUnauthenticated \"true\";" > chroot/etc/apt/apt.conf.d/00secure echo "Aptitude::CmdLine::Ignore-Trust-Violations \"true\";" >> chroot/etc/apt/apt.conf.d/00secure + echo "Acquire::AllowInsecureRepositories \"true\";" >> chroot/etc/apt/apt.conf.d/00secure ;; esac 
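Review bot: The switch to `qemu-debootstrap` is made without a host-side dependency check, whereas the ONIE script in this same series checks every host tool with `Check_package host …`; a missing qemu-user-static now fails with a shell "command not found" instead of a clear message. Add `Check_package host /usr/sbin/qemu-debootstrap qemu-user-static` (path to be confirmed against the package's file list) before the call. `LB_BOOTSTRAP_QEMU_STATIC` is no longer read in this hunk — if nothing else uses it, its option and manpage entry are now dead and should say so. The enclosing `if` starts before the hunk.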
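Review bot: With `LB_APT_SECURE=false` the three settings written to `00secure` now switch off every apt authentication mechanism for the chroot — unauthenticated packages, aptitude trust violations and, newly, Release-file signature checks via `Acquire::AllowInsecureRepositories` — and the file carries no hint that this is a deliberate all-or-nothing choice. A comment in the `false)` arm would help the next reader: `# --apt-secure false: disable ALL apt signature verification in the chroot; indices and packages from every configured mirror are accepted blindly, so only use with mirrors you control.` The changelog only says the new key "fixes apt-secure in sid"; a one-line comment in the `true)` arm naming the apt behaviour that required pinning `AllowInsecureRepositories "false"` would make the intent clear. The enclosing `case` starts before the hunk.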
diff --git a/scripts/build/chroot_archives b/scripts/build/chroot_archives index 85ad35b..596fafc 100755 --- a/scripts/build/chroot_archives +++ b/scripts/build/chroot_archives @@ -449,12 +449,6 @@ mv chroot/etc/apt/sources.list.d/zz-sources.list chroot/etc/apt/sources.list fi - # Unmount local repository -if echo "${LB_PARENT_MIRROR_CHROOT}" | grep -q '^file:/' -then - Chroot_unbind_path chroot "$(echo ${LB_PARENT_MIRROR_CHROOT} | sed -e 's|file:||')" -fi - # Configure generic indices # Cleaning apt list cache rm -rf chroot/var/lib/apt/lists @@ -652,6 +646,12 @@ # Updating indices Apt chroot update + # Unmount local repository - after apt update or it will fail due to missing files + if echo "${LB_PARENT_MIRROR_CHROOT}" | grep -q '^file:/' + then + Chroot_unbind_path chroot "$(echo ${LB_PARENT_MIRROR_CHROOT} | sed -e 's|file:||')" + fi + # Cleaning apt package cache rm -rf chroot/var/cache/apt mkdir -p chroot/var/cache/apt/archives/partial diff --git a/scripts/build/chroot_preseed b/scripts/build/chroot_preseed index ab04df0..028daa8 100755 --- a/scripts/build/chroot_preseed +++ b/scripts/build/chroot_preseed @@ -59,6 +59,21 @@ # Removing local preseed file rm -f chroot/root/preseed + + # After preseeding debconf, reconfigure packages that have already + # been installed in the debootstrap phase. + # Strip comments and empty lines and take first column (pkg name). + sed -e 's/[[:space:]]*#.*//' -e '/^[[:space:]]*$/d' \ + -e 's/[[:space:]].*//g' "${PRESEED}" | \ + while read PKG + do + # Don't know the filename, but we want to query only dpkg + Check_installed chroot "placeholder" "${PKG}" + if [ ${INSTALL_STATUS} -eq 0 ] + then + Chroot chroot "dpkg-reconfigure ${PKG}" + fi + done fi done diff --git a/scripts/build/config b/scripts/build/config index c692a92..6c2ab3b 100755 --- a/scripts/build/config +++ b/scripts/build/config 
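Review bot: The new reconfigure loop in chroot_preseed runs `dpkg-reconfigure` once per preseed line rather than once per package, so a package with several preseeded questions is reconfigured repeatedly, and it uses `read` without `-r`; change the pipeline tail to `| sort -u | while read -r PKG`. The first field of a preseed line is the question owner, not necessarily a package (e.g. `d-i`), which the `Check_installed` guard copes with, but the name is then interpolated unquoted into the string passed to `Chroot chroot "dpkg-reconfigure ${PKG}"` — the preseed file is operator-supplied, so this is not an injection against an untrusted party, yet a cheap whitelist such as `case "${PKG}" in *[!a-z0-9+.-]*) continue ;; esac` keeps a malformed line from becoming an arbitrary command inside the chroot. Unless `Chroot` already exports `DEBIAN_FRONTEND=noninteractive`, which is not visible here, `dpkg-reconfigure` may also try to prompt; worth confirming. The enclosing `for` loop starts before the hunk.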
@@ -105,6 +105,8 @@ \t [--net-cow-path PATH]\n\ \t [--net-cow-server IP|HOSTNAME]\n\ \t [--net-tarball true|false]\n\ +\t [--onie true|false]\n\ +\t [--onie-kernel-cmdline \"OPTION1 OPTION2\"]\n\ \t [--quiet]\n\ \t [--archive-areas ARCHIVE_AREA|\"ARCHIVE_AREAS\"]\n\ \t [--parent-archive-areas ARCHIVE_AREA|\"ARCHIVE_AREAS\"]\n\ @@ -116,6 +118,7 @@ \t [--swap-file-path PATH]\n\ \t [--swap-file-size MB]\n\ \t [--tasksel apt|aptitude|tasksel]\n\ +\t [--uefi-secure-boot auto|enable|disable]\n\ \t [--updates true|false]\n\ \t [--backports true|false]\n\ \t [--verbose]\n\ @@ -145,9 +148,10 @@ grub-splash:,isohybrid-options:,hdd-label:,hdd-size:,hdd-partition-start:,iso-application:,iso-preparer:,iso-publisher:, iso-volume:,jffs2-eraseblock:,memtest:,net-root-filesystem:,net-root-mountoptions:, net-root-path:,net-root-server:,net-cow-filesystem:,net-cow-mountoptions:,net-cow-path:, - net-cow-server:,net-tarball:,firmware-binary:,firmware-chroot:,swap-file-path:,swap-file-size:, + net-cow-server:,net-tarball:,onie:,onie-kernel-cmdline:,firmware-binary:,firmware-chroot:,swap-file-path:,swap-file-size:, loadlin:,win32-loader:,source:,source-images:,breakpoints,conffile:,debug,force, help,ignore-system-defaults,quiet,usage,verbose,version,bootstrap-qemu-static:,bootstrap-qemu-arch:, + uefi-secure-boot:, bootstrap-qemu-exclude:" # Remove spaces added by indentation LONG_OPTIONS="$(echo ${LONG_OPTIONS} | tr -d ' ')" @@ -654,6 +658,16 @@ shift 2 ;; + --onie) + LB_ONIE="${2}" + shift 2 + ;; + + --onie-kernel-cmdline) + LB_ONIE_KERNEL_CMDLINE="${2}" + shift 2 + ;; + --firmware-binary) LB_FIRMWARE_BINARY="${2}" shift 2 @@ -671,6 +685,11 @@ --swap-file-size) LB_SWAP_FILE_SIZE="${2}" + shift 2 + ;; + + --uefi-secure-boot) + LB_UEFI_SECURE_BOOT="${2}" shift 2 ;; 
@@ -1284,6 +1303,14 @@ # (Default: ${LB_NET_TARBALL}) LB_NET_TARBALL="${LB_NET_TARBALL}" +# \$LB_ONIE: set onie +# (Default: ${LB_ONIE}) +LB_ONIE="${LB_ONIE}" + +# \$LB_ONIE_KERNEL_CMDLINE: set onie additional kernel cmdline options +# (Default: ${LB_ONIE_KERNEL_CMDLINE}) +LB_ONIE_KERNEL_CMDLINE="${LB_ONIE_KERNEL_CMDLINE}" + # \$LB_FIRMWARE_BINARY: include firmware packages in debian-installer # (Default: ${LB_FIRMWARE_BINARY}) LB_FIRMWARE_BINARY="${LB_FIRMWARE_BINARY}" @@ -1299,6 +1326,10 @@ # \$LB_SWAP_FILE_SIZE: set swap file size # (Default: ${LB_SWAP_FILE_SIZE}) LB_SWAP_FILE_SIZE="${LB_SWAP_FILE_SIZE}" + +# \$LB_UEFI_SECURE_BOOT: enable/disable UEFI secure boot +# (Default: ${LB_UEFI_SECURE_BOOT}) +LB_UEFI_SECURE_BOOT="${LB_UEFI_SECURE_BOOT}" EOF # Creating lb_source_* configuration